5.1.9. Class BasicAccessList

This class encapsulates an access list that uses any class derived from the AbstractAuthorization class. BasicAccessList allows to combine multiple access control requirements into a single decision.

BasicAccessList uses a list of rules. The rules are evaluated sequentially. Each rule can specify whether matching the current rule is Sufficient or Required. A connection is authorized if a Sufficient rule matches the connection, or all Required rules are fulfilled. If a Required rule is not met, the connection is refused.

Rules are represented as a list of Python tuples as the following example shows:

Example 5.4. BasicAccessList example

Example 5.4. BasicAccessList example
When referenced in a service definition, the following users can access the service: members of the `development` group; anyone with the `user1` username; anyone with the `user2` username. AuthorizationPolicy(name='intra', authorization=BasicAccessList( ((V_BACL_SUFFICIENT, PermitUser('user1')), (V_BACL_SUFFICIENT, PermitUser('user2')), (V_BACL_REQUIRED, PermitGroup('development')))))

When referenced in a service definition, the following users can access the service:

members of the development group;
anyone with the user1 username;
anyone with the user2 username.

AuthorizationPolicy(name='intra',
      authorization=BasicAccessList(
            ((V_BACL_SUFFICIENT, PermitUser('user1')),
             (V_BACL_SUFFICIENT, PermitUser('user2')),
             (V_BACL_REQUIRED, PermitGroup('development')))))

Previous	Up	Next
	Home

Proxedo Network Security Suite 2 Reference Guide

5.1. Module Auth

5.1.9. Class BasicAccessList